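<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html lang="zh">

<head>
	<!-- Charset is declared first so the title and form text are decoded as UTF-8. -->
	<meta http-equiv="content-type" content="text/html;charset=utf-8" />
	<link rel="stylesheet" href="/SimpleBlog/css/default.css" type="text/css" />
	<title>小博客</title>
</head>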

<?php

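// Resume the session so the login flag can be read further down.
// NOTE(review): the <head> markup above is already sent when this runs, so
// session_start() (and redirect(), if it relies on header()) only works with
// output buffering enabled. Confirm, or move this PHP block above the markup.
session_start();

require_once '/inc/db.inc.php';
require_once '/inc/functions.inc.php';

// Open the database handle used by every helper call below.
// DB_INFO / DB_USERNAME / DB_PASSWORD are presumably defined in db.inc.php.
try {
	$link = new PDO(DB_INFO, DB_USERNAME, DB_PASSWORD);
} catch (PDOException $p) {
	// The driver message can reveal the DSN, host or account name, so it goes
	// to the server log and the visitor only sees a generic error.
	error_log("PDO connection failed: ".$p->getMessage());
	die("数据库连接错误<br />");
}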

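// Process the answer posted by the delete-confirmation form.
// This handler runs before the login gate further down the script, so the
// session check is repeated here: without it any visitor could POST
// action=delete and remove an entry. A request that fails the check falls
// through to the login form below.
// NOTE(review): no anti-CSRF token is verified on this state-changing POST.
// The confirmation form appears to come from confirm_delete(), defined outside
// this file; add a per-session token there and compare it here.
$delete_authorized = isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] == 1;
if ($delete_authorized && isset($_POST['action']) && $_POST["action"] == "delete") {
	// Missing or non-string fields become empty strings instead of raising
	// notices or passing an array to urldecode()/delete_entry().
	$target = (isset($_POST["url"]) && is_string($_POST["url"])) ? $_POST["url"] : "";
	$answer = (isset($_POST["submit"]) && is_string($_POST["submit"])) ? $_POST["submit"] : "";
	if ($answer == "是") {
		// An empty target is reported as a failed delete rather than forwarded.
		if ($target !== "" && delete_entry($link, $target)) {
			redirect("/SimpleBlog/blog/", "删除成功。");
			die();
		} else {
			redirect("/SimpleBlog/blog/", "删除失败。");
			die();
		}
	} else {
		// Decode then re-encode so the value is appended as a single path segment.
		redirect("/SimpleBlog/blog/".urlencode(urldecode($target)), "撤消删除。");
		die();
	}
}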

// A URL in the query string means an existing entry is being edited or deleted;
// without one the form is used to publish a new entry.
// $url is deliberately left undefined in the "new entry" case because later
// code tests it with isset().
$legend = "发布新文章";
if (isset($_GET["url"])) {
	$url = $_GET["url"];
	$legend = "编辑文章";
}

// Pick the page name from the query string, defaulting to "blog".
// The value is tag-stripped and entity-encoded once here. No charset is passed
// to htmlentities(), so the encoding used depends on the PHP version and
// configuration.
$page = isset($_GET["page"]) ? htmlentities(strip_tags($_GET["page"])) : "blog";

// NOTE(review): the account-creation form is shown before the login check
// below, so it is reachable without a session. Confirm this is intended
// (e.g. first-run setup) and that the handler enforces authorization.
if ($page == "createuser") {
	echo create_user_form();
	exit();
}

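// Login gate: everything after this block is reserved for a session whose
// "loggedin" flag equals 1. Anyone else gets the login form and the script stops.
// NOTE(review): the form carries no anti-CSRF token, and brute-force limits are
// not visible here; confirm both are handled in update.inc.php.
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] != 1): ?>
		<body>
		<form method="POST" action="/SimpleBlog/inc/update.inc.php" enctype="multipart/form-data">
		<fieldset>
			<legend>请登录管理帐号</legend>
			<label>用户名
				<input type="text" name="username" maxlength="75" />
			</label>
			<label>密码
				<input type="password" name="password" maxlength="150" />
			</label>
			<label>验证码
				<img src="/SimpleBlog/inc/verify.inc.php" alt="验证码" />
				<input type="text" name="verify" maxlength="4" />
			</label>
			<input type="hidden" name="action" value="login" />
			<input type="submit" name="submit" value="登录" />
		</fieldset>
		</form>
		</body>
		</html>
<?php exit(); endif;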

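// Values that pre-fill the edit form; all stay NULL when a new entry is written.
$id = NULL;
$title = NULL;
$entry = NULL;

if (isset($url) && $page != "delete") {
	// Load the entry addressed by the URL. The lookup may return no row (for
	// example an unknown or stale URL), so each field is read only if present
	// instead of indexing $content[0] unconditionally.
	$content = retrieve_entries($link, $page, $url);
	if (isset($content[0]["id"])) {
		$id = $content[0]["id"];
	}
	if (isset($content[0]["title"])) {
		$title = $content[0]["title"];
	}
	if (isset($content[0]["entry"])) {
		$entry = $content[0]["entry"];
	}
}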

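// Build the delete-confirmation markup for the entry addressed by $url.
if ($page == "delete") {
	if (!isset($url)) {
		redirect("/SimpleBlog", "未提供删除对象。");
		// Every other redirect() in this script is followed by die(), which
		// suggests redirect() does not stop execution itself. Without this the
		// script would go on to call confirm_delete() with an undefined $url.
		die();
	}
	$confirm = confirm_delete($link, $url);
}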

?>

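<body>
	<h1>文章管理</h1>
	<?php if ($page != "delete"):?>
	<?php
	// Entry editor. Values echoed into attributes are escaped with an explicit
	// charset and ENT_QUOTES, so UTF-8 text is not mangled on PHP versions whose
	// default charset is not UTF-8 and quotes cannot close the attribute.
	// NOTE(review): this state-changing form carries no anti-CSRF token; confirm
	// whether update.inc.php verifies one.
	?>
	<form method="POST" action="/SimpleBlog/inc/update.inc.php"
	enctype="multipart/form-data">
		<fieldset>
			<legend><?php echo $legend;?></legend>
			<label>标题
				<input type="text" name="title" maxlength="150" value="<?php echo htmlspecialchars((string)$title, ENT_QUOTES, 'UTF-8');?>" />
			</label>
			<label>图片
				<input type="file" name="image" />
			</label>
			<?php
			// NOTE(review): santinize_data() is defined outside this file. Inside a
			// <textarea> the value must be HTML-escaped (not merely tag-stripped), or
			// a stored "</textarea>" would end the control; confirm the helper does that.
			?>
			<label>内容
				<textarea rows="15" cols="25" name="entry"><?php echo santinize_data($entry);?></textarea>
			</label>
			<?php /* $page was already entity-encoded when it was read from the query string. */ ?>
			<input type="hidden" name="page" value="<?php echo $page;?>" />
			<input type="hidden" name="id" value="<?php echo htmlspecialchars((string)$id, ENT_QUOTES, 'UTF-8');?>" />
			<input type="submit" name="submit" value="提交" />
			<input type="submit" name="submit" value="取消" />
		</fieldset>
	</form>
	<?php else:
	// $confirm is markup produced by confirm_delete() and is printed unescaped;
	// presumably that helper escapes the entry data it embeds. Verify.
	echo $confirm;?>
	<?php endif;?>
</body>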

</html>